Configure end-to-end HTTPS encryption for data transfers - Server Load Balancer

This topic describes how to configure end-to-end HTTPS encryption for Application Load Balancer (ALB).

Scenarios

Data security is important for enterprises that host a large percentage of workloads on the cloud, especially for enterprises in public service sectors and financial industries. To ensure high security, enterprises require data transfers to be encrypted from one end to the other. If a load balancing service is used, both frontend connections (connections between clients and the load balancing service) and backend connections (connections between the load balancing service and backend servers) must be encrypted.

ALB supports end-to-end HTTPS encryption for data transfers. HTTPS can encrypt data transfers between clients and ALB, and between ALB and backend servers to improve the security of sensitive data.

Configure end-to-end HTTPS encryption

Log on to the ALB console.
In the top navigation bar, select the region where the ALB instance is deployed.
In the left-side navigation pane, choose ALB > Server Groups.

On the Server Groups page, click Create Server Group. The following table describes some of the parameters. Other parameters use the default values. After you set the parameters, click Create.

Parameter	Description
Server Group Type	Select the type of server group that you want to create. In this example, Server is selected.
Server Group Name	Enter a name for the server group.
VPC Resource Group	Select a resource group for the virtual private cloud (VPC).
VPC	Select a VPC from the drop-down list. In this example, the VPC where the ALB instance is deployed is selected.
Backend Server Protocol	Select a backend protocol. In this example, HTTPS is selected.
Scheduling Algorithm	Select a scheduling algorithm. In this example, the default value Weighted Round-robin is used.
Resource Group	Select a resource group for the server group.
IPv6 Support	Select whether to enable IPv6 for the VPC. IPv6 is disabled by default. If you disable IPv6, you can add only IPv4 backend servers to the server group. If you enable IPv6, you can add both IPv6 and IPv4 backend servers to the server group.
Session Persistence	Select whether to enable session persistence, which is disabled by default. If you disable session persistence, ALB distributes requests to different backend servers. If you enable session persistence, ALB distributes requests that are from the same client to the same backend server. In this example, session persistence is disabled, which is the default setting.
Persistent Connection	Select whether to enable persistent connections. If persistent connections are enabled, ALB maintains a certain number of connections to backend servers. Requests are preferentially distributed to idle TCP persistent connections to reduce the number of TCP handshakes. This reduces the loads on backend servers.
Health Check Settings	Specify whether to enable health checks. In this example, health checks are enabled, which is the default setting.
Advanced Settings	In this example, the default advanced settings are used. For more information, see Create and manage server groups.

On the Server Groups page, find the server group that you want to manage and click Modify Backend Server in the Actions column.
On the Backend Servers tab, click Add Backend Server.
In the Add Backend Server panel, specify the type of backend server, select the backend server that you want to add, and then click Next.
Set the port to 443, use the default weight, and then click OK.
For more information about how to create HTTPS listeners, see Add an HTTPS listener.
Note
On the Select Server Group wizard page, select the server group that you created.